Authentication using a Transaction History

ABSTRACT

Systems and methods are provided for authenticating a user. In one implementation, a computer-implemented method is provided. According to the method, transaction history information for each one of a set of users is maintained in a storage device. The method provides identifiers associated with items for display and receives, from one of the users, a selection of one or more of the identifiers. The method further authenticates the user as a function of the selection and a transaction history of the user.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims the benefit of bothco-pending U.S. patent application Ser. No. 14/280,708, filed May 19,2014, entitled “AUTHENTICATION USING A TRANSACTION HISTORY,” as well asU.S. patent application Ser. No. 11/797,455, filed May 3, 2007, now U.S.Pat. No. 8,732,089, entitled “AUTHENTICATION USING A TRANSACTIONHISTORY,” both of which are incorporated herein by reference in theirentireties.

BACKGROUND I. Technical Field

The present invention generally relates to the field of computerizedsystems. More particularly, the invention relates to computerizedsystems and methods for authenticating a user to access or utilize allor part of a computer system.

II. Background Information

To access an account at an Internet site, a user typically submitscredentials to the Internet site, which are then authenticated. Forexample, the most commonly encountered credentials are username andpassword. The username may be an email address of the user or otheralphanumeric identifier. The username, accordingly, may be known toothers. By contrast, the password is kept secret by the user and mayinclude a combination of alphanumeric characters.

As the Internet has proliferated as a means of conducting commerce,Internet fraud has also increased. The username and password combinationis no longer sufficient to securely authenticate users of Internetsites. For example, through a fraud scheme called “phishing,”individuals fraudulently obtain username and password combinations fromusers that receive electronic messages purporting to originate from alegitimate Internet site. Some phishing techniques send out masselectronic mail messages to persons representing that the messages arefrom a trusted source (e.g., an Internet site from which the user haspurchased goods or services). The messages request a reply from a userproviding his or her username and password or provide a link to a pageon which the user is requested to confirm his or her username andpassword.

When a perpetrator of such a phishing technique collects a large numberof username and password combinations, the amount of damage theperpetrator may cause is considerable. For example, the perpetratormight execute automated scripts to access a large number of useraccounts. If an Internet site allows users to sell items to the public,the perpetrator may use the automated scripts to log into the useraccounts, post listings of items with low prices, and collect moneywithout any intention to ship the sold items. Alternatively, theperpetrator might access a user's account information, such as paymentinformation (e.g., credit card information) and/or might makeunauthorized purchases using stolen payment information or may placeorders with Internet sites.

As is evident from the foregoing, since user account information may beguarded by only username and password combinations, once a perpetratorhas obtained a username and password, the perpetrator has access to allaspects of the account because the username and password are the soleline of defense for many accounts. Recognizing that current systems andmethods of user authentication do not sufficiently guard against fraud,some Internet sites have added additional authentication steps. Forexample, some Internet sites present security challenge questions inaddition to authenticating a username and password. These securitychallenge questions might ask the user to submit, for example, his orher mother's maiden name, where the user was born, or a name of a firstemployer. These questions require the user to remember this informationand enter it correctly (e.g., correct spelling, punctuation, etc.)Furthermore, although requiring more effort, perpetrators of fraud mayalso obtain this information from the user and/or other sources tocircumvent extra security measures.

As a result of the foregoing, traditional techniques require more usereffort, result in a less user friendly experience, and do not secureuser account information. Accordingly, there is a need for improvedsystems and methods that secure user account information whilepreserving the user experience.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this disclosure, illustrate various embodiments and aspects ofthe present invention. In the drawings:

FIG. 1 is a diagram of an example of a system for authenticating a user;

FIG. 2 is a diagram of an example of an architecture of a retail server;

FIG. 3 is a diagram of an example of a software architecture forauthenticating a user;

FIG. 4 is an example of a user interface for authenticating a user; and

FIG. 5 is an example of a flow diagram of a routine for authenticating auser.

DETAILED DESCRIPTION

The following detailed description refers to the accompanying drawings.Wherever possible, the same reference numbers are used in the drawingsand the following description to refer to the same or similar parts.While several exemplary embodiments are described herein, modifications,adaptations and other implementations are possible, without departingfrom the spirit and scope of the invention. For example, substitutions,additions or modifications may be made to the components illustrated inthe drawings, and the exemplary methods described herein may be modifiedby substituting, reordering, or adding steps to the disclosed methods.Accordingly, the following detailed description does not limit theinvention. Instead, the proper scope of the invention is defined by theappended claims.

Embodiments disclosed herein provide computer-implemented systems andmethods for authenticating a user. The systems and methods may maintaintransaction history information for each one of a set of users. Forexample, the transaction history information may be stored in a storagedevice. Furthermore, the systems and methods may provide identifiersthat are associated with items for display. The identifiers may beprovided to, for example, one of the users. The systems and methods mayreceive, from one of the users, a selection of one or more of theidentifiers. Furthermore, the systems and methods may authenticate theuser as a function of the selection and a transaction history of theuser.

Consistent with a disclosed embodiment, a computer-implemented method isprovided for authenticating a user. The method may maintain, in astorage device, transaction history information for a user identifyingitems previously purchased by the user. The method may further provide aplurality of identifiers associated with items for display. Theplurality of identifiers may include at least one identifier of an itempreviously purchased by the user and a plurality of identifiers of itemsnot previously purchased by the user. The method may receive, from theuser, a selection of one or more of the identifiers and determinewhether the selected one or more items corresponds with items previouslypurchased by the user. Furthermore, the method may authenticate the userif the selected one or more items corresponds with items previouslypurchased by the user.

Consistent with another disclosed embodiment, a computer-implementedmethod is provided for authenticating a user. The method may maintain,in a storage device, transaction history information for each one of aset of users. The method may provide identifiers associated with itemsfor display and receive, from one of the users, a selection of one ormore of the identifiers. Furthermore, the method may authenticate theuser as a function of the selection and a transaction history of theuser.

Consistent with another disclosed embodiment, a computer-implementedmethod is provided for authenticating a user. The method may display agroup of items comprising a plurality of items that are not included ina transaction history of the user and one or more items that areincluded in the transaction history of the user. The method may receive,from the user, a selection of one or more items in the group anddetermine whether the selected one or more items are included in thetransaction history. Furthermore, the method may authenticate the userif the selected one or more items are included in the transactionhistory.

Consistent with yet another disclosed embodiment, a computer-implementedmethod is provided for authenticating a user. The method may select, foreach of a plurality of categories of products, a product. One of theselected products may have been purchased by the user. The method maydisplay identifiers of the selected products and receive, from the user,a selection of one of the identifiers. Furthermore, the method mayauthenticate the user based on the selection.

Consistent with still yet another disclosed embodiment, a system isprovided for authenticating a user. The system may comprise a catalogserver including a data store storing identifiers of items and a retailserver in communication with the catalog server. The retail server maybe operable to transmit a plurality of identifiers of items retrievedfrom the catalog server and receive, from the user, a selection of oneof the identifiers. Furthermore, the retail server may authenticate theuser based on the selected identifier.

Consistent with other disclosed embodiments, a computer-readable mediumis provided that stores program instructions for implementing any of theabove-described methods.

It is to be understood that both the foregoing general description andthe following detailed description are exemplary and explanatory onlyand are not restrictive of the invention or embodiments thereof, asclaimed.

FIG. 1 is an example of a system 100 for authenticating a user inaccordance with one or more embodiments of the present invention. Inparticular, system 100 may provide functionality for authenticating auser based on the user's response to a challenge question that isrelated to the user's transaction history. As shown in system 100,retail server 110, catalog server 120, and terminals 140-160 areconnected to a network 130. One of skill in the art will appreciate thatalthough one retailer server, one catalog server, and three terminalsare depicted in FIG. 1, any number of these entities may be provided.Furthermore, one of ordinary skill in the art will recognize thatfunctions provided by one or more entities of system 100 may becombined. For example, functionality provided by retail server 110 andcatalog server 120 may be combined.

Network 130 provides communications between the various entities insystem 100, such as retail server 110, catalog servers 120, andterminals 140-160. In addition, retail server 110, catalog server 120,and/or terminals 140-160 may access legacy systems (not shown) vianetwork 130, or may directly access legacy systems, data stores, orother network applications. Network 130 may be a shared, public, orprivate network, may encompass a wide area or local area, and may beimplemented through any suitable combination of wired and/or wirelesscommunication networks. Furthermore, network 130 may comprise anintranet or the Internet.

Retail server 110 may comprise a general purpose computer (e.g., apersonal computer, network computer, server, or mainframe computer)having one or more processors (not shown in FIG. 1) that may beselectively activated or reconfigured by a computer program. Retailserver 110 may also be implemented in a distributed network. Forexample, retail server 110 may communicate via network 130 with one ormore additional retail servers (not shown), which may enable retailserver 110 to distribute processes for parallel execution by a pluralityof retail servers. Alternatively, retail server 110 may be speciallyconstructed for carrying-out methods consistent with disclosedembodiments. Retail server 110 may provide access to an Internet site,as well as provide functionality for authenticating users, andtransmitting data in connection with the sale of products and/orservices. Additional details of retailer server 110 are discussed belowin connection with FIG. 2.

Catalog server 120 may comprise a general purpose computer (e.g., apersonal computer, network computer, server, or mainframe computer)having one or more processors (not shown) that may be selectivelyactivated or reconfigured by a computer program. Furthermore, catalogserver 120 may communicate via network 130 or may be in direct bilateralcommunication with retail server 110. Catalog server 110 may also beimplemented in a distributed network. For example, catalog server 110may communicate via network 130 with one or more additional catalogservers (not shown) storing additional data.

Catalog server 120 may further include a data store 125. Data store 125may store data describing products and/or services offered for sale byan Internet site provided by retail server 110. For example, data store125 may store pages that are displayable by a computer executingsoftware, such as an Internet browser. Furthermore, data store 125 maystore product/or service descriptions, prices, and media used inconnection with the sale of the products and/or services. Media mayinclude any images, photographs, sounds, and/or video clips that providesamples and/or information pertaining to the products and/or services.Products and/or services having information stored in data store 125 maybe associated with a unique product identifier (ID), for example.

Terminals 140-160 may be any type device for communicating with retailserver 110 and/or catalog server 120 over network 130. For example,terminals 140-160 may be personal computers, handheld devices (e.g.,PDAs, cellular phones, etc.), or any other appropriate computingplatform or device capable of exchanging data with network 130.Terminals 140-160 may each include a processor and a memory (not shown),for example. Further, terminals 140-160 may execute program modules thatprovide one or more graphical user interfaces (GUIs) for interactingwith network resources, such as retail server 110 and/or catalog server120. Although users of terminals 140-160 may access and/or receive datafrom retail server 110 and/or catalog server 120, in a preferredembodiment, users at terminals 140-160 may access and/or receive datadirectly from retail server 110. For example, retail server 110 mayretrieve appropriate data from catalog server 120 and serve such data tousers at terminals 140-160. As the term is used herein, “users” mayinclude individuals purchasing products and/or services or individualslisting products and/or services for sale through the use of an Internetsite provided by retail server 110. Furthermore, “users” may includeindividuals having electronic accounts, such as accounts storing data inelectronic form (e.g., files), financial accounts, social networkingaccounts, and the like.

Users may access retail server 110 over network 130 through an Internetbrowser or software application running on any one of terminals 140-160.For example, retail server 110 may transmit a document (e.g., a webpage) that is accessible by an Internet browser. The document mayinclude options for a user to log onto a secure site provided by retailserver 110. Because the Internet site may use a secure communicationenvironment, such as an HTTPS (hypertext transfer protocol secure)environment to transfer data over network 130, data transfer is assumedto be secure.

Users may log onto the secure site provided by retail server 110 bysupplying credentials, such as a username and a password. Furthermore,consistent with disclosed embodiments, retail server 110 may alsorequire the user to respond to a security challenge question afterauthenticating the username and password. In other disclosedembodiments, retail server 110 may require the user to respond to asecurity challenge question to access a particular document (e.g., toperform a new transaction). In such an embodiment, retail server 110 mayhave previously authenticated the username and password combination. Instill other disclosed embodiments, retail server 110 may require theuser to respond to a security challenge question in lieu of submitting ausername and password combination. Security challenge questions andauthentication are discussed below in further detail.

FIG. 2 shows a diagram of an example architecture of retail server 110,in accordance with one or more embodiments of the present invention.Retail server 110 may include a processor 112 and a memory 114. Memory114 may be one or more memory or storage devices that store data as wellas software. Memory 114 may also comprise one or more of RAM, ROM,magnetic storage, or optical storage, for example. Memory 114 may storeprogram modules that, when executed by processor 112, perform one ormore processes for operating an Internet site. Program modules thatprovide authentication functionality are discussed in more detail inconnection with FIG. 3.

Retail server 110 may further include a username and password data store115, a user profile data store 116, and a user transaction history datastore 117. Username and password data store 115 may store username andpassword combinations for users of a retail Internet site provided byretail server 110. For example, username and password data store 115 maystore username and password combinations in one or more secure tables.User profile data store 116 may store information pertaining to users.For example, each user may have a profile including information such asname, billing address, shipping address, payment information (e.g.,credit card, debit card, account numbers, etc.), age, occupation, etc.User transaction history data store 117 may store transaction historiesof user relating to any transaction. Transactions may include anyactivities participated in by users and/or provided by an Internet site,such as, for example, game histories, email histories, auctionhistories, download histories, search histories, or purchase histories.For example, a purchase history may include information about ordersincluding completed orders (e.g., orders for products and/or servicesthat have been shipped or provided) and open orders (e.g., orders forproducts and/or services that have been placed, but have not beenshipped or provided). Furthermore, the purchase histories may includethe product IDs of the products purchased by users. Product IDs mayinclude product names and/or product numbers, UPCs (Universal ProductCodes), ISBN (International Standard Book Number), or any otheridentifier.

In disclosed embodiments, as part of the authentication process retailserver 110 may authenticate a user through the use of a securitychallenge question. The security challenge question may have a visualcomponent that relates to the user's transaction history. For example,the security challenge question may involve the use of a list ofproducts and/or services that the user has previously purchased. Retailserver 110 may select the products and/or services from user transactionhistory data store 117 and products and/or services from data store 125that the user has not purchased. Retail server 110 may transmit a pageto the user including the products and/or services that have beenpurchased by the user and the selected products and/or services thathave not been purchased by the user. Furthermore, in presenting thesecurity challenge question to the user, retail server 110 may depictthe products and/or services visually (e.g., by an image) with orwithout accompanying text. Retail server 110 may then prompt the user toselect one or more products and/or services from the displayed list thatthe user has purchased. If the user responds with a correct selection,retail server 110 may authenticate the user. Further details concerningthe triggering and selection of security challenge questions arediscussed below in connection with FIG. 3.

FIG. 3 is a diagram of an example software architecture forauthenticating a user, in accordance with one or more embodiments of thepresent invention. The software architecture may be stored in memory 114of retail server 110, as shown in FIG. 2, for example. In oneembodiment, memory 114 may store instructions of program 314, which whenexecuted, perform one or more data processes for authenticating a user.To do so, program 314 may include instructions in the form of one ormore program modules 314 a-314 e. Program modules 314 a-314 e mayinclude a trigger module 314 a, a select module 314 b, a display module314 c, a challenge module 314 d, and an alert module 314 e.

Trigger module 314 a may provide functionality for determining whenretail server 110 will prompt a user to respond to a security challengequestion. To determine whether to present a security challenge question,trigger module 314 a may consider data received from the user'sterminal, the page the user is viewing or attempting to view, a statusof the user account (i.e., whether an account has been marked forsuspected fraud), or whether the user has supplied a username andpassword that has been authenticated. For example, trigger module 314 amay present the security challenge to a user after verification of ausername and password combination or upon the occurrence of anotherevent. Accordingly, in some disclosed embodiments, the securitychallenge question may follow authentication of a username and passwordcombination. However, in other disclosed embodiments, the securitychallenge question may not follow authentication of a username andpassword combination.

For example, trigger module 314 a may present the security challengequestion to a user when the user makes a selection of, or attempts tonavigate to, a particular portion or document of an Internet site (e.g.,when the user selects a link to view and/or change payment information,shipping address information, or a password). In another embodiment,trigger module 314 a may present the security challenge question to auser when retail server 110 detects an unrecognized Internet Protocol(IP) address of the user's terminal or when the user attempts topurchase a new item. For example, a user may have previously accessedretail server 110 from terminal 140. However, on a subsequent occasion,the user may attempt to access retail server from terminal 150.Accordingly, trigger module 314 a may present the security challengequestion after detecting the unrecognized IP address of terminal 150. Inyet another embodiment, trigger module 314 a may present the securitychallenge question to a user when retail server 110 no longer detects acookie on the user's terminal. A “cookie” is typically an object thatstores information, such as an identifier of the user, user preferences,and active shopping cart information, for example.

Select module 314 b may determine which items to include in a securitychallenge question. For each security challenge question, select module314 b will select one or more items (e.g., products and/or services)that are stored in the user's transaction history and a plurality ofitems that are not stored in the user's transaction history. Selectmodule 314 b may obtain the items stored in the user's transactionhistory from user transaction history data store 117. Select module 314b may obtain items that are not stored in the user's transaction historyfrom data store 125. Select module 314 b may compare, for example, anidentifier of any item selected from data store 125 against identifiersstored for the user in user transaction history data store 117 in orderto avoid selecting items previously purchased by the user. Furthermore,the selection of items by select module 314 b may occur at random orbased on certain predetermined rules.

For example, select module 314 b may randomly select a product from aplurality of product categories (e.g., selecting a book, a CD, a DVD, anelectronic device, and a product purchased by the user). Select module314 b may also randomly select products based on other criteria, such assales rank, based on a recommendation system, etc. Furthermore, selectmodule 314 b may exclude certain popular items based on an exclude listor based on high sales rankings (e.g., exclude best selling books and/orDVDs since a large number of users have purchased them). When selectingitems from the user's transaction history, select module 314 b mayenforce a cutoff point, such as only selecting from items that have beenincluded in the user's transaction history within a particular timeperiod (e.g., within the last six months). Furthermore, select module314 b may determine which product selection techniques are moreeffective at reducing fraud after monitoring the success rate of priorsecurity challenge questions (e.g., by comparing failure rates for useraccounts that have been compromised to determine the best method).Select module 314 b may also identify items purchased by the user afterthe cutoff point and not select those items as being items not includedin the user's transaction history.

Although the examples described herein relate to products and/orservices, instead of prompting the user to select from products and/orservices, other kinds of security challenge questions are consistentwith the scope of the present invention. For example, in other disclosedembodiments, the user could be required to select from a list oflocations (e.g., city and state) to identify which location or locationsthe user shipped a recent order. Other alternatives include promptingthe user to identify a payment method previously used for a priorpurchase.

Display module 314 c may format and transmit data for a securitychallenge question to one of terminals 140-160. FIG. 4 provides anexample of a user interface and is discussed below in further detail. Togenerate the user interface, display module 314 c may access data store125 or network resources over network 130 for media (images, sounds,video clips, etc.) that pertain to items that were selected by selectmodule 314 b.

Since the security challenge question may be presented with graphicand/or auditory information, user recall is significantly improvedbecause such information is typically more readily remembered thanpasswords. For example, display module 314 c may format the appearanceof the security challenge question, such as the arrangement of items.Display module 314 c may list images of the items, or play video and/orsound clips describing the items, or play video showing moving images ofthe items. For items such as books, CDs, movies, etc, display module 314c may select a sound and/or video clip from the item itself that isreproduced to the user as part of the security challenge question.Furthermore, display module 314 c may present the security challengequestion using any appropriate identifier to represent an item in lieuof text and/or graphical information. An example of a user interface isshown in FIG. 4 and discussed in further detail.

Challenge module 314 d may receive and evaluate user selections of itemsincluded in a security challenge question. For example, the user may, inresponding to a security challenge question, check a box next todisplayed items, clicked and/or highlighted the items, use voice and/ortouch selection, or drag/dropped icons of the items, or selected itemsfrom pull down lists for item categories, for example. Data representingthe selection(s) is then received by retail server 110 for determinationof whether or not the selection(s) is correct.

After receiving an incorrect selection, challenge module 314 d maydetermine whether or not to suspend access to the user account (e.g.,indefinite or locked for a predetermined time period). Furthermore,challenge module 314 d may determine whether to provide a user with asecond challenge question in the event of an incorrect answer. Forexample, after an incorrect answer, challenge module 314 d may prevent auser from logging into the account for a predetermined period of time(e.g., must wait an hour) or the user could be locked out until the usercalls customer service. If a user makes a mistake, challenge module 314d may determine whether to present a new security challenge question orwhether to let the user make a second selection. Additionally, challengemodule 314 d may require the user to select from two different lists inconsecutive pages in order to reduce the chance of a fraudulent luckyguess.

Alert module 314 e may generate and send a notification (e.g., an email,voicemail, or text message) to an email address associated with the useraccount when a suspected intruder has attempted to access the account.The notification may include a message informing the user that someoneappears to have tried to fraudulently access his or her account. Themessage may further indicate that the user should disregard the messageif the user was the individual that incorrectly responded to thesecurity challenge question. Furthermore, if the user incorrectlyselects an item a predetermined number of times, alert module 314 e maysend a notification indicating that the user's account has been lockedeither temporarily or indefinitely. For example, the user may need towait a predetermined period of time or may need to contact customerservice to reactivate the account. Alert module 314 e may also sendinternal alerts to, for example, members of an internal investigationteam based on an incorrect response.

Although program modules 314 a-314 e have been described above as beingseparate modules, one of ordinary skill in the art will recognize thatfunctionalities provided by one or more modules may be combined.

FIG. 4 is an example of a user interface 400 for authenticating a userin a manner consistent with certain aspects of the present invention. Asdiscussed above, retail server 110 may transmit data for user interface400 including a challenge question after authenticating a username andpassword combination or after the user has navigated to or attempted tonavigate to a particular page. Furthermore, retail server 110 maydetermine which products and/or services to include in the securitychallenge question, as discussed above.

As shown in FIG. 4, user interface 400 includes a display of items401-409. Each item includes a graphic image depicting a product. Item401 is a DVD, item 402 is a watch, item 403 is a book, item 404 is acomputer, item 405 is a CD, item 406 is a toy car, item 407 is a pair ofspeakers, item 408 is a HDTV, and item 409 is a bookshelf. Furthermore,user interface 400 includes OK button 410, which a user may, forexample, select with a pointing device in order to submit selections toretail server 110. Although nine items are shown in user interface 400,one of ordinary skill in the art will recognize the number and kinds ofitems may vary. In addition, although both images and text are shown inFIG. 4, along with checkboxes for selecting items, one of ordinary skillin the art will recognize that any identifiers of items are in keepingwith the spirit and scope of the present invention (e.g., displayingimages without text, sound clips, or video clips, and using otherselecting means, such as highlighting, touching, or speakingselections).

A message displayed at the top of user interface 400 may provideinstructions for the user. As shown in user interface 400, the user isprovided with a message stating, “To help us verify your identity andkeep your account safe, please select the item(s) you have recentlypurchased by checking the appropriate box(es). After you have made yourselections, please click on the OK button.” Accordingly, the exemplarysecurity challenge question does not specify the number of items thatthe user is to select. Accordingly, the user must select the items thathe or she previously purchased in order to proceed past thisauthentication screen. In alternative embodiments, the securitychallenge question may specify to the user to select at least x (e.g.,two) number of items from the displayed items that have been purchasedwithin a particular timeframe.

As an example, a user purchased the HDTV shown as item 408 and thecomputer shown as item 404 within a predetermined time period (e.g., sixmonths). Accordingly, product identifiers for items 404 and 408 arestored in the user's transaction history. The user, however, did notpurchase the other items shown in user interface 400 (i.e., items401-403 and 405-409). Accordingly, if the user selects the check boxesof items 404 and 408 and then OK button 410, retail server 110 willauthenticate the user. Any other selection, such as a selection ofadditional items or fewer items that include or do not include items 404and 408 cause retail server 110 to return a message to the userindicating that the user has not been authenticated.

Subsequent to an incorrect response, retail server 110 may present theuser with a second chance to correctly answer the same securitychallenge question or may present the user with a second chance toanswer a new security challenge question. Furthermore, subsequent to acorrect response, for an additional layer of security, retail server 110may present a second security challenge question (i.e., to beauthenticated, the user must answer correctly consecutive securitychallenge questions). Still further, although shown in FIG. 4 as onegroup of items, user interface 400 may include two or more groups ofitems. For example, a user may be prompted to select one or moreproducts from a first group and one or more products from a second groupin order to be authenticated.

Although the example user interface 400 shown in FIG. 4 prompts the userto select one or more items that the user has purchased, in analternative embodiment, user interface 400 may instead prompt the userto select one or more items that the user has not purchased.Furthermore, user interface 400 may include an icon (not shown)providing the user with an option of answering the security challengequestion with a response indicating that the user did not purchase anyof the displayed items. One of ordinary skill in the art will recognizethat modifications as to the number, arrangement, and security challengequestions are in keeping with the spirit and scope of the presentinvention.

FIG. 5 is a flow diagram 500 of an example of a routine forauthenticating a user in accordance with one or more embodiments of thepresent invention. Routine 500 may implement processes according to oneor more of program modules 314 a-314 e and may include causing retailserver 110 to transmit data for a user interface, such as user interface400.

At the start of routine 500, in block 502, trigger module 314 a maydetermine that a security challenge question should be presented to auser. For example, trigger module 314 a may have monitored data receivedfrom one of terminals 140-160 from which the user has accessed anInternet site. Triggering of the security challenge question may followthe user viewing or attempting to view a certain page or based on astatus of the user account (i.e., whether an account has been marked forsuspected fraud), or whether the user has supplied a username andpassword that has been authenticated. Accordingly, block 502 may occurafter verification of a username and password combination or upon theoccurrence of another event.

In block 504, select module 314 b may determine which items to includein a security challenge question. For each security challenge question,select module 314 b will select one or more items (e.g., products and/orservices) that are stored in the user's transaction history and aplurality of items that are not stored in the user's transactionhistory. Select module 314 b may obtain the items stored in the user'stransaction history from user transaction history data store 117. Selectmodule 314 b may obtain the other items that are not stored in theuser's transaction history from data store 125.

In addition to selecting items from user transaction history data store117 to include in the security challenge question, select module 314 bmay also utilize such information to determine items that should not beincluded in the security challenge question. For example, if thesecurity challenge question is requesting that the user select itemspurchased within the last six months, in addition to providing itemsincluded in the user transition history that were purchased in the lastsix months, select module 314 b may also determine not to include itemsthat were purchased during the three months preceding the six monthwindow. By specifically excluding items that were actually purchased bythe user prior to the specified time-window reduces the likelihood thata user incorrectly select the item as being purchased within the timewindow based upon a legitimate but incorrect belief that the item waspurchased during the specified time-window.

Furthermore, select module 314 b may randomly select products that arenot stored in the user's transaction history from a plurality of productcategories (e.g., selecting a book, a CD, a DVD, an electronic device,and a product purchased by the user). Select module 314 b may alsoselect one or more of the products that the user did not purchase bytaking into consideration the products that are stored in the user'stransaction history. That is, select module 314 b may select productsthat the user did not purchase, but that are similar in product type orare made by the same manufacturer as products that were previouslypurchased by the user.

In block 506, display module 314 c formats and transmits data for thesecurity challenge question, including identifiers of the items selectedin block 504, to one of terminals 140-160. For example, display module314 c may access data store 125 or network resources over network 130for media (images, sounds, video clips, etc.) that pertain to items thatwere selected by select module 314 b.

In block 508, challenge module 314 d receives a selection of one or moreitems from the user at one of terminals 140-160. For example, the usermay have checked a box, clicked and/or highlighted, used voice, touch,or drag/dropped icons, or selected items from pull down lists for itemcategories.

In decision block 510, challenge module 314 d evaluates whether or notthe received selection is correct. If the received selection is correct,routine 500 proceeds to block 522. For example, in some embodiments, thereceived selection must be exactly correct (i.e., the user must haveselected all items previously purchased that were displayed). However,in other embodiments consistent with the present invention, a majorityof correction selections may be sufficient to constitute a correctselection as long as no incorrect items are selected. For example,selecting two out of three items that have been purchased may besufficient. In contrast, selecting two purchased items and one item thatwas not purchased may not be sufficient. Still further, in otherembodiments, a correct answer may include a small number of incorrectselections (e.g., only one incorrect selection of an item not previouslypurchased) so long as the rest of the selected items were previouslypurchased.

In block 522, challenge module 314 d authenticates the user and routine500 completes. However, if the received selection is not correct,routine 500 proceeds to decision block 512.

In decision block 512, because the user has incorrectly answered thesecurity challenge question, challenge module 314 d determines whetheror not to give the user another chance. For example, challenge module314 d may determine whether to provide a user with a second chance basedon how may incorrect responses have been received or based on a statusof the account (e.g., suspected fraudulent activity). For example, ifmultiple unsuccessful attempts to log into an account have been made,then challenge module 314 d may determine that the user should notreceive a second chance. If the user is given another chance, routine500 returns to block 504 and proceeds as discussed above. If the user isnot given another chance, then routine 500 proceeds to decision block514.

In decision block 514, challenge module 314 d may determine whether tosuspend access to the account for which the security challenge questionwas incorrectly answered. If challenge module 314 d is going to suspendaccess to the account, routine 500 proceeds to block 516. However, ifchallenge module 314 d is not going to suspend access to the account,then routine 500 proceeds to decision block 518.

In block 516, challenge module 314 d may lock the account. Routine 500then proceeds to decision block 518.

In decision block 518, alert module 314 e determines whether to send analert notification. If alert module 314 e is going to send an alert,routine 500 proceeds to block 520. In block 520, alert module 314 esends an alert notification. For example, alert module 314 e maygenerate and send a notification (e.g., an email, voicemail, or textmessage) to an email address associated with the account when asuspected intruder has attempted to access the account. Routine 500 thencompletes.

As one of ordinary skill in the art will appreciate, one or more ofblocks 502-522 may be optional and may be omitted from implementationsin certain embodiments.

The foregoing description has been presented for purposes ofillustration. It is not exhaustive and does not limit the invention tothe precise forms or embodiments disclosed. Modifications andadaptations of the invention will be apparent to those skilled in theart from consideration of the specification and practice of thedisclosed embodiments of the invention. For example, the describedimplementations include software, but systems and methods consistentwith the present invention may be implemented as a combination ofhardware and software or in hardware alone. Examples of hardware includecomputing or processing systems, including personal computers, servers,laptops, mainframes, micro-processors and the like. Additionally,although aspects of the invention are described for being stored inmemory, one skilled in the art will appreciate that these aspects canalso be stored on other types of computer-readable media, such assecondary storage devices, for example, hard disks, floppy disks, orCD-ROM, the Internet or other propagation medium, or other forms of RAMor ROM.

Computer programs based on the written description and methods of thisinvention are within the skill of an experienced developer. The variousprograms or program modules can be created using any of the techniquesknown to one skilled in the art or can be designed in connection withexisting software. For example, program sections or program modules canbe designed in or by means of Java, C++, HTML, XML, or HTML withincluded Java applets. One or more of such software sections or modulescan be integrated into a computer system or existing e-mail or browsersoftware.

Moreover, while illustrative embodiments of the invention have beendescribed herein, the scope of the invention includes any and allembodiments having equivalent elements, modifications, omissions,combinations (e.g., of aspects across various embodiments), adaptationsand/or alterations as would be appreciated by those in the art based onthe present disclosure. The limitations in the claims are to beinterpreted broadly based on the language employed in the claims and notlimited to examples described in the present specification or during theprosecution of the application, which examples are to be construed asnon-exclusive. Further, the blocks of the disclosed routines may bemodified in any manner, including by reordering blocks and/or insertingor deleting blocks, without departing from the principles of theinvention. It is intended, therefore, that the specification andexamples be considered as exemplary only, with a true scope and spiritof the invention being indicated by the following claims and their fullscope of equivalents.

Therefore, the following is claimed:
 1. A system, comprising: at leastone computing device comprising a processor and a memory storingexecutable instructions, wherein the executable instructions, whenexecuted, cause the processor to: select at least one item from atransaction history of a user account and at least one other item thatis not included in the transaction history; place a plurality ofidentifiers in a user interface, the plurality of identifiers includingthe at least one item from the transaction history and the at least oneother item that is not included in the transaction history; obtain aselection from the plurality of identifiers; and perform a userauthentication of the user account based at least in part upon theselection from the plurality of identifiers.
 2. The system of claim 1,wherein the executable instructions, when executed, cause the processorto determine that the selection from the plurality of identifiersmatches the at least one item from the transaction history of the useraccount.
 3. The system of claim 2, wherein the executable instructions,when executed, cause the processor determine that the selection from theplurality of identifiers fails to include the at least one other itemthat is not included in the transaction history.
 4. The system of claim3, wherein the user authentication fails when the selection from theplurality of identifiers fails to match the at least one item.
 5. Thesystem of claim 1, wherein the at least one item includes a purchasetransaction associated with the user account.
 6. The system of claim 1,wherein the at least one item includes a shipping address associatedwith the at least one item.
 7. The system of claim 1, wherein the atleast one item includes a payment method associated with a transactionassociated with the user account.
 8. A non-transitory computer-readablemedium stored in a memory embodying instructions executable by aprocessor, the instructions, when executed, causing the processor to atleast: select at least one item from a transaction history of a useraccount and at least one other item that is not included in thetransaction history; place a plurality of identifiers in a userinterface, the plurality of user identifiers including the at least oneitem from the transaction history and the at least one other item thatis not included in the transaction history; obtain a selection from theplurality of identifiers; and perform a user authentication based atleast in part upon the selection from the plurality of identifiers. 9.The non-transitory computer-readable medium of claim 8, wherein theinstructions, when executed, cause the processor to at leastauthenticate the user when the selection corresponds to the at least oneitem from the transaction history of the user.
 10. The non-transitorycomputer-readable medium of claim 9, wherein the instructions, whenexecuted, cause the processor to at least perform the userauthentication by confirming that the selection does not include the atleast one other item that is not from the transaction history of theuser.
 11. The non-transitory computer-readable medium of claim 10,wherein the user authentication fails when the selection from theplurality of identifiers fails to match the at least one item.
 12. Thenon-transitory computer-readable medium of claim 8, wherein the at leastone item includes a purchase transaction associated with the useraccount.
 13. The non-transitory computer-readable medium of claim 8,wherein the at least one item includes a shipping address associatedwith the at least one item.
 14. A method comprising: selecting, via atleast one of one or more computing devices, at least one item from atransaction history of a user account and at least one other item thatis not included in the transaction history; placing, via at least one ofone or more computing devices, a plurality of identifiers in a userinterface, the plurality of user identifiers including the at least oneitem from the transaction history and the at least one other item thatis not included in the transaction history; obtaining, via at least oneof one or more computing devices, a selection from the plurality ofidentifiers; and performing, via at least one of one or more computingdevices, a user authentication based at least in part upon the selectionfrom the plurality of identifiers.
 15. The method of claim 14, furthercomprising authenticating the user when the selection corresponds to theat least one item from the transaction history of the user.
 16. Themethod of claim 15, wherein performing the user authentication furthercomprises confirming that the selection does not include the at leastone other item that is not from the transaction history of the user. 17.The method of claim 16, wherein the user authentication fails when theselection from the plurality of identifiers fails to match the at leastone item.
 18. The method of claim 14, wherein the at least one itemincludes a purchase transaction associated with the user account. 19.The method of claim 14, wherein the at least one item includes ashipping address associated with the at least one item.
 20. The methodof claim 14, wherein the at least one item includes a payment methodassociated with a transaction associated with the user account.